Tuesday, September 20, 2016

ICS-CERT Publishes Moxa Advisory

Today the DHS ICS-CERT published a control system security advisory for an unquoted service path escalation vulnerability in Moxa’s Active OPC Server application. The vulnerability was reported by Zhou Yu. Moxa has produced a new version to mitigate the vulnerability. ICS-CERT reports that Yu has verified the efficacy of the fix.


ICS-CERT reports that a relatively low skilled attacker with local access and network credentials could exploit this vulnerability to allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

No comments:

 
/* Use this with templates/template-twocol.html */